Taking into account that every other month one website where I have a (unique) password is hacked, I find it difficult to generate enough new passwords that I can actually memorize (I start mixing them up). Can you recommend me a good (and safe!!!) Windows-compatible program to store my passwords locally on my computer? (Unfortunately, changing the OS is not an option for me at this moment in time).

It's the best I could find. Very powerful encryption, versions for all desktop and mobile OSes, and it has an "autotype" function so you don't need to copy and paste your password; it will fill it directly into your browser (or any other app). It also has a very good password generator. I have used it for some time now (2+ years) and I couldn't be happier.

Whatever you do, don't store your passwords in an online database; to me this just defies all logic, and takes a hippo shit all over it.

...but because I can already hear the voices shouting "But I want my passwords synced across devices! Pronto!", the good enough solution is to place the password database in Dropbox so it's automagically synced. The better solution would be Sparkleshare on your own server, when they'll have a stable client for all major platforms.

Thanks for all the replies. Guess I'm gonna use KeePass - it got some good evaluations, as well. And no, I'm not gonna store them online. That's why I asked for a program running on my local machine. Maybe I'm a bit paranoid there but it doesn't look too safe to me.

Roboform Portable is what I use; however, KeePass is nearly identical in function. What I don't like about Roboform is that although the passwords are encrypted, you can look into the file structure of the program enough to see which sites passwords are stored for, as it uses the name you give it when storing the password as the file name:

F:\MyRoboForm Data -Default Profile -Blogs Bitcointalk.rfp

This in turn tells the attacker, first off, that you do have an account and at what site, something I may actually be trying to hide. It may be that I am trying to hide the fact that I have used, say, Facebook or a certain email provider as much as I am trying to hide the password itself. I also assume the attacker could concentrate his efforts on cracking that single file vs. the database as a whole. Granted, I could type garbage for the name of the site (FGHE equals Facebook), but then I have to keep track of that information as well.

LastPass is the best to use. If you ever format your PC, that is, if you don't back up your "firefox profile", "chrome" or w/e browser you use, you sign into the LastPass add-on and all your passwords are there for you. The password database is encrypted on your PC before it gets sent online through SSL.

Quote

LastPass is an evolved Host Proof hosted solution, which avoids the stated weakness of vulnerability to XSS as long as you're using the add-on. LastPass strongly believes in using local encryption, and locally created one way salted hashes to provide you with the best of both worlds for your sensitive information: Complete security, while still providing online accessibility and syncing capabilities. We've accomplished this by using 256-bit AES implemented in C++ and JavaScript (for the website) and exclusively encrypting and decrypting on your local PC. No one at LastPass can ever access your sensitive data. We've taken every step we can think of to ensure your security and privacy.

There was one breach of LastPass, they patched it, but because everything was encrypted, most likely only accounts with weak master passwords might, might have been cracked, but I doubt it, so they suggested that everyone with a weak master password just change it.

Wuala protects your privacy: In stark contrast to most other online storage services, all your files get encrypted on your computer, so that no one - including the employees at Wuala and LaCie - can access your private files. Your password never leaves your computer.
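The "locally created one way salted hashes" idea in the LastPass quote above can be sketched as follows. This is an added example, not LastPass code and not part of any post; the function names, the `Service` class, the account-name salt, PBKDF2-SHA256 and the iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor; the thread gives no parameters


def derive_vault_key(master_password: str, account: str) -> bytes:
    # Salted with the account name so equal passwords give different keys.
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), account.encode(), ITERATIONS
    )


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    # One further one-way step: the service can check a login with this
    # value, but it is not the key that decrypts the vault.
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


class Service:
    """Constructed stand-in for the online side: holds login hashes only."""

    def __init__(self) -> None:
        self.login_hashes: dict[str, bytes] = {}

    def register(self, account: str, login_hash: bytes) -> None:
        self.login_hashes[account] = login_hash

    def verify(self, account: str, login_hash: bytes) -> bool:
        stored = self.login_hashes.get(account)
        # Constant-time comparison avoids leaking how many bytes matched.
        return stored is not None and hmac.compare_digest(stored, login_hash)


def client_login(service: Service, account: str, master_password: str) -> bool:
    key = derive_vault_key(master_password, account)  # stays on this machine
    return service.verify(account, derive_login_hash(key, master_password))


if __name__ == "__main__":
    svc = Service()
    acct, pw = "alice@example.test", "correct horse battery"  # constructed values
    svc.register(acct, derive_login_hash(derive_vault_key(pw, acct), pw))
    print(client_login(svc, acct, pw))             # correct master password
    print(client_login(svc, acct, "wrong guess"))  # rejected
```

In this sketch, whoever obtains a stored login hash can still test master-password guesses against it offline, so the protection is only as strong as the master password and the work factor.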

I would advise against having your passwords anywhere on the internet in any form, regardless of how secure you may think it is. All it takes is for someone to keylog you, or guess your password/recovery question or something. Having the PW DB locally makes the task far more arduous if you are just keylogged or something less serious. KeePass can even launch programs with the password in a launch parameter, Steam for example.

If you want any more things like that, just post or PM or something. I'd be more than happy to help you secure your system; it bothers me to no end with people storing their information on the internet...

that in your URL box will make it far more difficult to get your password remotely because they would not be specifically targeting that method of logging in.

LastPass has a screen keyboard and one time passwords to prevent keylogging.